Security researchers with Palo Alto Networks have been tracking a malware campaign involving the distrubution of the Redaman banking Trojan through widespread malspam campaigns with varying subject lines relating to debt collection and other financial obligations. The campaign mainly targets Russian speakers, although emails containing the Trojan as an attachment have been sent to people from various countries around the globe, including the US.
Redaman is designed to steal login credentials and other data that can enable threat actors to access online banking accounts. The malware’s capabilities are typical for a banking Trojan, as it can do things like logging keystrokes, taking screenshots, making video recordings of the desktop and stealing clipboard data on infected devices.
Read more: This malware uses debt to prey on banking victims